My first book, Internet Privacy Rights – Rights to Protect Autonomy – has just been published, in the Cambridge University Press series ‘Cambridge Intellectual Property and Information Law’. It is an academic book, and written from the perspective of a legal academic, but it is intended as something that contributes to a debate far beyond the ivory towers of academe, and in fields beyond that of law. It is also written, I hope, in a form that should make it accessible to people other than academics, and in particular other than lawyers.

Rights to protect autonomy

Privacy is in the title, but this is not a book about privacy per se. Though what we mean when we talk about privacy is discussed, the underlying theme is autonomy – and the privacy rights suggested are intended primarily as instrumental, to protect that autonomy. Given the nature of the internet and the ways that we use it, privacy is necessary to protect it. Invasions and infringements of privacy, from surveillance and tracking to profiling and misuse of data, can have an impact on far more than our ‘individual’ privacy – they can have an impact on pretty much every aspect of our lives, from ‘traditional’ civil rights such as freedom of speech, association and assembly to practical things like our job prospects, our relationships, our credit ratings and the prices we pay for goods. Our autonomy, our freedom to live as we would like to live, is threatened by these invasions and infringements, not just what we traditionally think of as privacy. Understanding this is crucial to understanding the importance of protecting online privacy – and to how we can and should protect that privacy.

In order to understand this, many of the different ways that our privacy is infringed are examined, from government surveillance to behavioural advertising, from the activities of search engines to the numerous ways that data is vulnerable to hacking, loss and misuse. There are case studies, drawn from some of the most familiar ways in which we use the internet and some of the biggest players on the net including Google and Facebook, and theoretical analyses that arise from them. Though the case studies reveal many things that should disturb and concern us, I do not think that it is time for us to give up on privacy – indeed, some of the case studies in the book have results that could be said, at least in part, to be ‘victories’ for privacy.

Indeed, one of my key contentions is that not only is privacy not dead yet, even in the light of the revelations of Edward Snowden, but there are some positive signs. In many ways people appear to be more concerned about privacy either than they seemed to be in the past or than those in authority and in business have believed them to be. When I began this research, seven years ago, online privacy was very much a niche subject, discussed only by what might loosely be described as geeks or nerds. Now it has become mainstream, something that is of interest to almost everyone. People care – and more importantly people seem to be coming to believe that they have rights online – which is where the privacy rights suggested come into play.

Internet privacy rights

It is important to understand that the ‘rights’ suggested here are not ‘legal’ rights in a direct sense – though they have a relationship with legal rights. The law is only a small part of the story – often, as the case studies indicate, the laws are often inappropriately written, inconsistent and conflicting, feebly enforced or easily sidestepped. Understanding what people need and what they expect can be more important if businesses are to gain or keep the trust and support of their customers, and if governments are to retain the support of their citizens.

Rather than legal rights, what are looked at are the rights that we, people who use the internet (and that’s most of us), believe we should have, rights that we need to have, rights that businesses and governments need to take into account and respect if they are to have support from us. Four linked and related rights are suggested. A right to roam the internet with privacy, a right to monitor those who are monitoring us, a right to delete personal data (related, but not identical to the contentious right to be forgotten), and a right to an online identity. They are not intended as absolute rights – rather, they are rights to be held in balance with other rights and needs such as freedom of expression, intellectual property rights, freedom to pursue business, the needs of governments to provide security and so forth. Nevertheless, privacy matters – and, as noted above, on the internet it matters far more broadly than traditional privacy does – and it should not be considered easy for other rights to outweigh it in the balance. Indeed, as the case studies show, when people’s rights are not taken sufficiently and appropriately into account, business models can fail, laws can be defeated and governments and businesses can be forced into changes. The more people become aware of their rights, the harder it is for those who infringe them to succeed.

Privacy is not dead yet

Though there are many reasons to be concerned about privacy – and the revelations of Edward Snowden added greatly to those – I believe that we can find ways to make our future more ‘privacy-friendly’. Indeed, the way that such a future might look is part of the subject of the final chapter of the book. Ultimately, the real point of the book is to contribute to the debate over privacy. It is a debate that needs to be had, particularly in the UK where we don’t seem to discuss the issue enough, as the relatively muted debates over the actions of GCHQ and the NSA have shown. We need to talk about it much more.

Internet Privacy Rights: Rights to Protect Autonomy is available from Cambridge University Press either as a hardback or an e-book, here.

[…] that I’ve been banging on about for some years. I talk about the right quite a lot in my book Internet Privacy Rights… so I thought I’d just give a quick flavour of it. Here are a couple of paragraphs from Chapter […]